Security Flaw in Linksys WiFi Router - Network

This is a discussion on Security Flaw in Linksys WiFi Router - Network ; June 03, 2004 Security Flaw Found In Linksys Wireless Router http://www.mobilepipeline.com/showAr...cleID=21401178 By Mobile Pipeline News The popular Linksys WRT54G wireless router has a security flaw that enables unauthorized remote access to its administrative functions, an expert claims. Independent consultant Alan ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Security Flaw in Linksys WiFi Router

  1. Security Flaw in Linksys WiFi Router

    June 03, 2004

    Security Flaw Found In Linksys Wireless Router

    http://www.mobilepipeline.com/showAr...cleID=21401178

    By Mobile Pipeline News
    The popular Linksys WRT54G wireless router has a security flaw that
    enables unauthorized remote access to its administrative functions, an
    expert claims.
    Independent consultant Alan W. Rateliff II said in a posted warning
    that the router will display its administrative Web over the Internet
    page via ports 80 and 443 -- even if the user turns off the remote
    administration function.

    After intruders access the administrative log-on screen, they can then
    get into the management functions because the default user name and
    passwords are obvious. Most such devices use, by default, obvious user
    names and passwords like "admin."

    "The implications are obvious: Out of the box the unit gives full
    access to its administration from the WAN using the default or, if the
    user even bothered to change it, an easily guessed password."

    Rateliff said he reported the problem to Linksys, which is a division
    of Cisco, in April but did not receive a response. Nor has the company
    updated the firmware for the router to fix the problem, he noted. The
    most recent firmware for the router, as posted on the Linksys Web
    site, is dated March 17, 2004.

    Besides changing to a complex password, Rateliff said a workaround is
    to forward ports 80 and 443 to non-existent hosts.




  2. Re: Security Flaw in Linksys WiFi Router

    My question to you is, WHAT device out the box IS Secure? Companies
    want to make thier products as plug n play as possible for users who
    want a working product right out of the box. Most of these products
    come with many security features that users just choose to ignore.
    That is why 70% of wireless users do not have any form of encryption
    on their access points, and 30% of them are left with all the default
    settings. These devices come with a ton of information on how to
    enable security and all that good stuff. Also Linksys has a wonderful
    knowledge base for those who seek extra information. So my point is
    if 70% of users out there with wireless networks do not implement any
    form of security measures this post is fruitless.

  3. Re: Security Flaw in Linksys WiFi Router

    On 5 Jun 2004 05:45:14 -0700, SekureSupport@aol.com (Mauricio
    Fernandez MCSE, CCNA) uncorked the following:

    |>My question to you is, WHAT device out the box IS Secure? Companies
    |>want to make thier products as plug n play as possible for users who
    |>want a working product right out of the box. Most of these products
    |>come with many security features that users just choose to ignore.
    |>That is why 70% of wireless users do not have any form of encryption
    |>on their access points, and 30% of them are left with all the default
    |>settings. These devices come with a ton of information on how to
    |>enable security and all that good stuff. Also Linksys has a wonderful
    |>knowledge base for those who seek extra information. So my point is
    |>if 70% of users out there with wireless networks do not implement any
    |>form of security measures this post is fruitless.

    The content of my post was copied & pasted from the link at the very
    top of the post. Why you chose to shoot the messenger is beyond my
    cognitive ability.

    I posted the link (and the article) in the hope that people who do not
    take security measures might at least change their passwords, and also
    to bring attention to a glaring problem with a particularly popular
    brand/model device.

    Many things in this life may appear "fruitless"; and indeed, sometimes
    they are. However, that shouldn't stop the dissemination of
    information to folks that otherwise might not see the information - by
    your calculations, some fraction of 30%.
    If even one person changes their security settings and avoids data
    loss, I'd say the post was well worth the effort.


  4. Re: Security Flaw in Linksys WiFi Router

    honestly, I was bored. Did not mean to shoot the messenger. My
    frustrations really are with people who should be more security aware.

    My apologies to you.

+ Reply to Thread